GCI Network Solutions Ltd

Microsoft Security Managed Service

Delivered as a 24/7 security managed service based around Microsoft Sentinel SIEM solution. Providing Security monitoring, alerting and remediation via a dedicated UK based SOC. Nasstar Security experts provide real time response to security incidents as well as drive adoption of security best practises within the customers business.

Features

• 24/7 SIEM Managed Service
• Pro active threat hunting
• UK based SOC
• Fully managed EDR (optional)
• Phishing and anti-malware awareness training (optional)
• DPO as a service (optional)
• Vulnerability reporting and management (optional)
• Event driven security automation (optional)
• Monthly security reporting and best practice guidance (optional)
• Regulatory compliance assessments (optional)

Benefits

• Enables pro active security services
• Reduces organisational risk
• Improves security posture
• Identifies and mitigate security threats
• Leverages existing MS license investments
• Critical security data maintained with customer environment. No data exfiltration

£1,700 a unit a month

• Education pricing available

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at tenders@nasstar.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 13

Service ID

329767381177907

Contact

Roy Rodford
03450030000
tenders@nasstar.com

Planning

• Planning service: Yes
• How the planning service works: The enablement of these services includes a deployment and onboarding phase where the core Sentinel solution would be deployed within the customers Azure tenant.; ; Additional services can be provided separately to plan/implement other security and compliance workloads as per the customers requirement. e.g data classification schemas, DLP controls, Insider risk management solutions, identity protections and privileged identity management. Nasstar will work closely with customers to ensure that processes, pre-requisites and any considerations are fully understood.
• Planning service works with specific services: Yes
• Hosting or software services the planning service works with:
  • Microsoft 365
  • Microsoft AZURE

Training

• Training service provided: Yes
• How the training service works: Nasstar are able to provide best practise guidance, product demonstrations, training sessions and knowledge transfer workshops for the entire Microsoft security product portfolio as required.; ; Available separately is an array of other training services around M365 and Nasstar can support pre- and post-launch activities, ranging from user profiling to floor-walking and VIP 'hypercare'.
• Training is tied to specific services: Yes
• Services the training service works with:
  • Microsoft 365
  • Microsoft AZURE

Setup and migration

• Setup or migration service available: Yes
• How the setup or migration service works: Nasstar will work closely with customers to deploy the required Cloud services such as Microsoft Sentinel that underpin this service.; ; Additionally Nasstar can provide a wide range of professional services to support the wider adoption of Microsoft cloud services ensuring that security principles and best practise are built in by design from stage one.; ; Nasstar can provide services to support the adoption of all the various Microsoft security workloads.
• Setup or migration service is for specific cloud services: Yes
• List of supported services:
  • Microsoft 365
  • Microsoft AZURE

Quality assurance and performance testing

• Quality assurance and performance testing service: Yes
• How the quality assurance and performance testing works: Nasstar support services are subject to agreed customer SLAs and performance is monitored against them.

Security testing

• Security services: Yes
• Security services type:
  • Security strategy
  • Security risk management
  • Security design
  • Cyber security consultancy
  • Security testing
  • Security incident management
  • Security audit services
• Certified security testers: No

Ongoing support

• Ongoing support service: Yes
• Types of service supported: Hosting or software provided by a third-party organisation
• How the support service works: In-addition to this service which provides a fully cloud hosted security manages service, Nasstar has a support function that can provide incident management, monitoring and event management, release management and service management for Cloud and software solutions.

Service scope

• Service constraints: The Microsoft Security Managed Service will provide a full 24/7 security monitoring and management service, with rapid identification and mitigation of security issues and threats. However it cannot guarantee to protect an organisation from every possible cyber threat. in the event of a security breach Nasstar are able to provide CSIRT emergency response services to secure systems, recover access and data and provide forensic analysis of the root cause.

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Depending on the Priority, we will respond within 1 hour.
• User can manage status and priority of support tickets: Yes
• Online ticketing support accessibility: None or don’t know
• Phone support: Yes
• Phone support availability: 24 hours, 7 days a week
• Web chat support: Web chat
• Web chat support availability: 24 hours, 7 days a week
• Web chat support accessibility standard: None or don’t know
• How the web chat support is accessible: We are contactable via Skype for Business client or chat via Microsoft Teams.
• Web chat accessibility testing: Web chat is provided using Microsoft Teams. No additional assistive measures or technology testing done.
• Support levels: We provide level 2 service desk to service desk support, Infrastructure Support, Monitoring and Event Management, Release Management and Service Management.

Resellers

• Supplier type: Reseller providing extra features and support
• Organisation whose services are being resold: Microsoft

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: Up to Security Clearance (SC)

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: United Registrar of Systems (URS)
• ISO/IEC 27001 accreditation date: 17/12/2021
• What the ISO/IEC 27001 doesn’t cover: No aspect of Nasstar’s operations, products or services are out of scope.; ; No Annex A controls are out of scope.
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: Yes
• Who accredited the PCI DSS certification: NCC
• PCI DSS accreditation date: 14/05/2021
• What the PCI DSS doesn’t cover: Nasstar’s Live Agent & IVR Payment Solution.
• Cyber essentials: Yes
• Cyber essentials plus: Yes
• Other security certifications: Yes
• Any other security certifications:
  • Microsoft Gold Security Partner
  • Microsoft Identity and Access Management Advanced Specialization
  • Microsoft Information Protection and Governance Advanced Specialization
  • Microsoft Threat Protection Advanced Specialization

Social Value

• Fighting climate change:

  Fighting climate change

  Nasstar is ISO14001 certificated. We also comply with SECR (Streamlined Energy Carbon Reporting) and ESOS (Energy Savings Opportunities Scheme). These are all things that look at how we manage, monitor and where possible reduce our environmental impact.
• Covid-19 recovery:

  Covid-19 recovery

  Nasstar was heavily affected by the pandemic, facing and overcoming considerable challenges to recover. We have been uniquely placed as a remote working solutions communications provider to assist customers in enabling thousands of employees to operate safely, securely and reliably from their home premises during lockdowns. Furthermore, we have continued to advise and enable thousands of end-users to adopt a hybrid model of work, taking advantage of both COVID-secure office workspaces and the benefits of remote operations as the UK works its way out of the COVID pandemic. We are proud to be enabling the future of the British economy and are driven to ensure as many businesses as possible are empowered by our support to deliver a strong national recovery.; ; We have evolved our hybrid working policy to improve conditions and productivity for our own employees. Our policy continues to guide the minimising of transmission by managing attendance in physical office spaces. Our office spaces are COVID-secure and continue to implement social distancing arrangements, improved sanitising/cleaning of workspaces and have included strict testing regimes to ensure the risk of spreading infection was well mitigated.; ; Within our workforce we are committed to protecting the most vulnerable to COVID-19, with support to both those who are personally shielding, or those whose family members/close contacts require shielding. Enhanced sick pay and flexibility for care arrangements enable our team to deal with the challenges COVID-19 has and continues to pose to us all, without undue fear of financial penalty or other restrictive situations. Employees have access to mental health first aiders and an Employee Assistance Programme, to further reduce reliance on public services.; ; Our commitments to supporting local communities under the Economic Equality responses can equally work in relation to COVID-19 recovery as they do for enhancing technology careers.
• Tackling economic inequality:

  Tackling economic inequality

  To positively influence economic equality we ensure we deliver quality services to a growing customer base. This puts us in a strong position to grow our employee base, extending opportunities and enhancing economic equality through job creation and additional training opportunities. ; ; We take an active interest in our customer’s end customer and local community, seeking to help where we can add value, especially where our customers support an underprivileged or underrepresented group in society. We’re able to share value beyond the contract’s prescribed services by offering our technical/commercial insights through lectures, talks, webinars, roundtables etc to the community. In particular, members of Nasstar are able and experienced in running community education sessions on topics ranging from career guidance to technology-specific workshops including IT adoption/education.; ; We’re keen to support early career development and access within the IT/Telecoms space and utilise apprenticeships, work placements, internships and graduate opportunities in order to encourage future growth within the industry.; ; We can partner locally to do this by:; • Linking with local schools and colleges to enable interested young people to attend our sites and undertake work experience either in our offices or by shadowing technical field staff. ; ; • Offering graduate/internship opportunities to local university students to experience technical projects, enabling them to put theory into practice and to gain vital work experience to gain permanent positions post-graduation.; ; • Providing apprenticeship opportunities, both administrative and technical and at different levels.; ; • Undertaking to increase these placements when large contracts are won, aligned to the public sector social value guidelines, in order to share and improve our social contribution to local communities.; ; In contrast to an industry where profit maximisation is traditionally motive (the private obligation), Nasstar believes that driving and fulfilling social value (the public obligation) is an integral part of any modern contractual relationship.
• Equal opportunity:

  Equal opportunity

  Nasstar actively promotes a culture of fair and equal treatment. Our ethos values people’s differences, and how they help everyone achieve more at work as well as in their personal lives. Our desire is to operate a business every person in society can feel proud to be an important part of. We are committed to providing a working environment that is responsive to different cultures and groups, where everyone has an equal chance to succeed and in which all employees are treated with respect and dignity.; ; We believe that the best decisions about people at work are based on their abilities, skills, performance, behaviour and our business requirements. Where necessary, we believe in taking proactive steps to make sure that policy, process and procedure provide a “level playing field” for everyone regardless of an individual’s protected characteristics. Training is freely provided within our business, with access to thousands of e-learning courses given to every employee across technical, personal, commercial skills and diversity, equity and inclusion awareness topics.; ; In 2022 we are committed to implementing a variety of pledges and covenants that demonstrate our objective of widening opportunity and representation in our business. These include the Disability Confident Scheme, Mental Health at Work Commitment, Armed Forces Covenant and the Equality and Human Rights Commission’s Working Forward community.; ; In 2022 we are seeking to expand representation across our business by adding recruitment advertising in equal opportunities-specific resources such as Women in Technology.; ; Our aim is to employ and retain individuals who embrace our inclusive culture, positive work ethic and have enthusiasm to join Nasstar on our journey of growth. Our goal is to create a workforce of the future within our sector, full of a genuine cross-section of society and all protected. characteristics.
• Wellbeing:

  Wellbeing

  Our Environment, Social and Governance Policy articulates our commitments which broadly align to the key features reported in the Good Work Plan (satisfaction, fair pay, participation and progression, well-being, safety and security, voice and autonomy). These work together to provide a healthy and engaging work environment. A selection of relevant commitments/policy positions are provided below:; ; • We believe in providing a working environment where our people can do their best work, and feel positive about the contribution they make to our success. We implement multiple initiatives that help provide a motivating workplace including regular performance reviews, setting and achieving personal objectives, and being recognised by managers for delivering good work. ; ; • Our Personal Development, Training Policy and Procedure outlines our commitment to providing job and career development for all employees, including opportunity to have a Personal Development Plan (PDP) and access to external courses/training.; ; • Our Health and Safety, Stress Management and Mental Health strategies include giving access to an Employee Assistance Programme, and having trained Mental Health First Aiders who run a virtual community where employees are able to discuss any concerns with a trained individual. We proactively promote this, to demonstrate there is no stigma in our business around this subject.; ; • We provide our team with opportunity to give back to their communities, recognising the importance of personal interests in and recognising wider ethical causes in supporting the wellbeing of our team and local communities. This includes an annual charity elected by employees for donations and sponsorship events and donations of volunteer days for employees to be able to contribute working hours to worthy community / charitable causes.; ; • We provide awareness training for our managers on a variety of topics that help to develop a motivating and safe environment where all employees can thrive and succeed.

Pricing

• Price: £1,700 a unit a month
• Discount for educational organisations: Yes

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at tenders@nasstar.com. Tell them what format you need. It will help if you say what assistive technology you use.